I know that someone who has hacked my computer has my mobile phone number and am concerned they may try to hack my phone. This concerns me on two levels: firstly that all my messages, calls etc. may be vulnerable, and secondly that Two-Factor Authentication may be exposed. How realistic are these concerns? What would they have to do to gain access to my phone? Given that I have mostly set up 2FA using text messages, would I be better off using an Authenticator App? Or is that equally at risk? Should I change my number?
An Authenticator App is much safer than SMS (vulnerable to SIM swapping). The security of the phone depends a bit on the OS on the phone (Android is way more open, and thus vulnerable, than iOS).
Useful to know, thanks. How do mobile phones get hacked? And how can you stop it, other than obvious things like using a security app and taking care not to tap links in texts/emails etc.?
"Pegasus" is a recent example of a very advanced hack for iPhones: https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones
It's not a regular cracker's software - it is for nation-state sponsored hacking groups etc. Usually a mobile phone is hacked by tricking the user into downloading and installing an app and giving it permissions. Another way is to just trick the user into downloading and installing malware on a non-updated smartphone OS; the malware app then escalates its privileges itself via unpatched, well-known vulnerabilities. Lastly, there is phishing-ish malware that does not hack the smartphone. Tricking the user into downloading and installing that app is enough if the user then types in passwords, 2FA codes and personal information... Be aware of what you install on your smartphone. Tips for Android: Do not install software blindly from unexpected SMS/text messages, even if the link redirects to the Google Play store. Always check which developer/company is distributing the app you want to install. It is good to independently, concurrently find* an official website of the company, search there for a link to the app on the Google Play store and compare it with the link that the SMS message redirected you to. Compare developer/company names! *Be wary of ads in Google searches - they may link to malware sites - be sure it is a legitimate search result, not an ad.
@reasonablePrivacy You're using an Android phone I guess? iOS Apps are sandboxed and can't: spy on what you type in any other App, unless the hacker (App) gets the user to install the hacker's third-party keyboard and enable Full Access; spy on the network traffic of any other App, unless the hacker (App) gets the user to install the hacker's (fake/real) VPN and activate that (and possibly manually trust a root certificate).
Interesting stuff. I feel I want to change my number and probably get an iPhone too (yes I use Android). I think I also need Dual-SIM: I run a business and have to give out my number to a lot of people. Separate business and personal looks like a good move but I don't relish the complication.
As a further, related question: An app appeared on my phone last night that I did not remember installing. Is it possible for a hacker to install apps without access to my handset, using malware that I could just possibly have installed by tapping a dubious link? If there is some malware present, how would I detect and destroy it? Would Malwarebytes be adequate? After uninstalling the app I ran MWB Premium, plus I noticed a scan appeared to have been done by some native Android anti-malware, neither evidencing any infections. What are the odds of any baddies evading that?
I would suggest reading these (google "reddit 2fa sms hack") https://medium.com/@yihongpoo/reddits-hack-highlights-flaws-in-sms-based-2fa-7876c0861b1a https://www.reddit.com/r/privacy/comments/a4x8s2/i_learnt_that_hackers_can_bypass_twofactor_sms/ https://www.csoonline.com/article/3...lowed-attackers-to-skirt-2fa-protections.html https://www.pcmag.com/news/reddit-hacked-despite-sms-two-factor-authentication https://hackersonlineclub.com/reddit-systems-got-hacked-by-insecure-sms-2fa-setup/ https://www.bleepingcomputer.com/ne...ity-breach-after-hackers-bypassed-staffs-2fa/ https://www.tomshardware.com/news/reddit-2fa-sms-data-breach,37543.html https://www.securityweek.com/attackers-circumvent-two-factor-authentication-protections-hack-reddit https://www.reddit.com/r/privacy/comments/cq61vj/is_sms_2fa_secure/ I suggest reading all of them. They do not overlap.
Yes, I am using Android phones. The first part of my post was more general while the later part was more Android focused. Android apps are also sandboxed. There are probably slightly more ways to bypass it than on iOS, but it is quite a secure OS (not so privacy friendly...). Nevertheless it is best to avoid installing malware in the first place. Is it possible? Yes. Is it likely on up-to-date Android with patches? No.
I haven't read, nor do I pretend to understand, all the posts. But if you haven't done so, change your Google PW ASAP.
Thanks for posting those. I have read all the posts in the list. They have raised another question - i.e. what can I do to defend against SIM-swapping? (I gather this can be done remotely as well as if someone impersonates you and gets a physical SIM (unlikely, I would have thought, with the security questions my provider asks).) The articles have also not really answered what I can do to remove any malware beyond running MWB or similar. Will these apps do the job? Btw I always install OS patches at the earliest opportunity.